Our autonomous, multi-agent engine eliminates manual intervention:
- Context and Drafting agents synthesize product logic and existing unit tests to author initial fuzzing harnesses.
- Building and Testing agents execute the code and feed real-time compiler and linker errors into a Hallucination Cleaner agent, which acts as an automated mechanic to repair broken dependencies and build configurations.
- Quality Analyzer agents monitor runtime execution, actively adjusting inputs to bypass code blockers and penetrate deeper into complex, stateful APIs.
4. The unified AI patching pipeline
Finding thousands of vulnerabilities at scale can create a dangerous remediation backlog without proper planning. To close the exposure window, our discovery tools route findings directly into an autonomous remediation pipeline:
- The Reproduce agent replicates the crash in the sandbox.
- The Bug Context agent maps the failure execution path.
- The Patch agent generates a targeted code fix.
- The Evaluation agent runs a rigorous regression loop (that re-compiles code and executes tests) to ensure the patch is safe. Only fully validated fixes are submitted to a human reviewer.
5. Autonomous and secure posture management
Post-launch, we maintain security integrity with an autonomous security posture management (ASPM) system. By converting our security standard catalog into programmable skills files, the ASPM system continuously checks production systems for configuration drift, automatically triggering agentic remediation when a violation occurs.
Continuous augmentation via self-reflection
Stateless AI systems repeatedly fall into the same logical traps, such as attempting to fix bugs inefficiently and hallucinating about non-existent code. Our framework solves this by introducing a post-hoc self-reflection loop. After a workflow concludes, a dedicated reflection agent analyzes execution logs, tool histories, and human feedback.
Successful trajectories and design patterns are persisted to a global knowledge store. When future agents spin up, this intelligence is injected directly into their context window, creating a compounding-interest effect on our security engineering. This approach has helped us to improve both the vulnerability fix success rate and efficiency.
Moving toward immune software
Google Cloud’s internal journey demonstrates that protecting software at AI scale requires a fundamental paradigm shift from human-dependent checklists to proactive multi-agent orchestration. By pairing open-source tooling like Mantis with autonomous, self-healing execution loops, we are pioneering a future of “immune” software development — where applications continuously discover, validate, and patch their own weaknesses in real time.
You can learn more about how we use Mantis and other tools to find and fix vulnerabilities at machine-speed here.





